What's even worse, that state requires all the parts of your webapp to share some dynamically changing knowledge about who is authorized to do what, which mobile apps were authorized to have access, and so on.

JWT

JSON Web Tokens. That’s how we will be able to detach our authorization logic from everything else.

They’re simple to issue, to store and to check.

They’re URL-safe.

They’re cryptographically safe.

They’re stateless. (One can easily add some state on top of them if required.)

So my proposal is simple.
Let’s implement the JWT-issuing server with a RESTful API (I already have a prototype, it’s called AuthStralia). Add some management tool on top of that (should probably be called AuthRica). And then go absolutely wild implementing JWT-validating plugins for all the possible frameworks and environments we will be able to think of. (The only appropriate name I’ve managed to invent here so far is AuthEns, so bring your atlas with you, if possible.)

And yes, the AuthStralia prototype is written in Elixir lang. So if pure functional homoiconic languages with purely hygienic macro systems are your kind of poison — you’re welcome to join just for that reason.
